Handling targeted security incidents is very challenging for any organization; the skills required to handle such incidents are rarely found in the typical SOC (even at Fortune 500 corporations). Our incident response organization has 15+ years’ experience in executing incident response investigations of advanced persistent threats (APTs) in very complex environments across different industries and geographical locations.
Offensive Shield’s IR consultants have extensive experience in successfully handling engagements involving some of the most advanced APTs that made the news headlines.
Offensive Shield also provides Digital Forensics investigations (as part of the IR engagement or on-demand). One of the most sophisticated areas of the DFIR field, Digital Forensics (DF) can answer questions that an IR investigation may not be able to. DF requires very high technical skills and can be very helpful in a number of complex investigations, such as when the threat actor tries to hide its tracks, or for internal corporate investigations that may lead to law enforcement involvement.
In all Incident Response engagements, the experts of our digital forensics incident response organization use industry-validated tools and investigation techniques to:
Contain the threats to prevent further damage to the business assets, operations and/or reputation
Analyze the tools, techniques and procedures of the threat actors
Remove adversaries from the corporate environment
Provide remediation guidance to restore the environment back to production and with an improved security posture.
Digital Forensics (DF) is, most of the time, a required part of a complex Incident Response engagement to assess all the implications of the compromise/breach. While Incident Response has a heavy focus on restoring services back to production as soon as possible, Digital Forensics is a deep dive using all the existing digital evidence (e.g. disk images, memory dumps, network-based evidence) to answer some of the hardest riddles of the cyber investigation.
At our digital forensics incident response organization, such investigations can also be initiated “on-demand” when suspicious or unexplained events are observed in relation to a critical production environment.
With an IR Retainer, during the onboarding phase the client is provided with actionable recommendations to enable and improve existing detection capabilities, to ensure the IR engagement will be very efficient in minimizing the business impact of a cyber-attack.